hacnho's picture
Upload README.md with huggingface_hub
3e885eb verified
|
Raw
History Blame Contribute Delete
1.45 kB
---
tags:
- security
- huntr
- model-file
- tensorrt
- detectionlayer
- backdoor
---
# TensorRT DetectionLayer silent suppression proof of concept
This repository contains a bounded research PoC for TensorRT engine files that
embed a `DetectionLayer_TRT` payload with semantically invalid serialized
parameters.
The security question is whether a normal engine load + inference path will
silently suppress detections compared with a benign control engine.
## Files
- `control.engine`
- `neg_keepTopK.engine`
- `verify_remote_poc.py`
- `requirements.txt`
## What the files do
Both files are valid TensorRT engine files that load via:
```python
runtime.deserialize_cuda_engine(...)
```
Both also execute via:
- `engine.create_execution_context()`
- `execute_async_v3(0)`
Control behavior:
```json
{
"positive_cls": [0.5],
"mixed_bbox": [0.11951626092195511]
}
```
Malicious behavior:
```json
{
"positive_cls": [0.0],
"mixed_bbox": [0.0]
}
```
## Verify the public HF artifacts
After unauthenticated download, run:
```bash
python verify_remote_poc.py
```
Expected result:
- both engines load successfully
- control and malicious execution both succeed
- the malicious engine suppresses outputs that are present in the control engine
## Safety note
This is a bounded research PoC:
- no code execution claim
- no external callbacks
- only deterministic execute-time output suppression after a trusted engine load